Linked by Thom Holwerda on Tue 12th Jan 2010 23:38 UTC
Google Ah, and there we have it: another chapter in the discussion between open and closed when it comes to application stores. A phishing application, masquerading as a banking application from First Tech Credit Union, made its way onto the Android Market. It was removed quickly, but the damage is done.
Thread beginning with comment 403809
To read all comments associated with this story, please click here.
App Market model fundementally flawed
by rafial on Wed 13th Jan 2010 05:48 UTC
rafial
Member since:
2007-12-04

For my part, I view this as further proof that the "App Market" model, whether "open" or closed is fundamentally flawed. It creates problems for developers, by forcing them to dance to the tune of some gatekeeper, and severing the direct interaction between software users and software creators, at the same time it gives users a false sense of safety by giving apps sold through such markets a veneer of legitimacy. With traditional computer software, coming from a multiplicity of sources, users have learned to think critically about whether a piece of software might be trustworthy or not (e.g. in the case of a banking client, is this coming from the bank's website or not?), but in the case of these App Stores, all software is poured into one giant soup, associated with a credible source (Apple or Google) with the wave of a magic wand, and then consumers are left to fend for themselves.

Personally, I consider "App Stores" to be a huge step backwards the the distribution of software. Hopefully they'll prove to be an aberration in the long run.

Reply Score: 2

Laurence Member since:
2007-03-26

For my part, I view this as further proof that the "App Market" model, whether "open" or closed is fundamentally flawed. It creates problems for developers, by forcing them to dance to the tune of some gatekeeper, and severing the direct interaction between software users and software creators, at the same time it gives users a false sense of safety by giving apps sold through such markets a veneer of legitimacy. With traditional computer software, coming from a multiplicity of sources, users have learned to think critically about whether a piece of software might be trustworthy or not (e.g. in the case of a banking client, is this coming from the bank's website or not?), but in the case of these App Stores, all software is poured into one giant soup, associated with a credible source (Apple or Google) with the wave of a magic wand, and then consumers are left to fend for themselves.

Personally, I consider "App Stores" to be a huge step backwards the the distribution of software. Hopefully they'll prove to be an aberration in the long run.


So one phishing app ended up on Google's market.
Yeah it's a great shame, I feel for the users and perhaps means Google might have to review their policy on accepting banking (and other related) apps.
However it's hardly worse than expecting users to search the net looking for these apps themselves.

You state that users have learned to think critically - well I'd argue they haven't:
* people still reply to those stupid scam e-mails ("I am a [insert minority nation] prince...", "You have one the Mars colony lottery...", etc)
* people still use Limewire and Bit-torrent to download software,
* and some people still don't even run virus scanners!

And those that aren't stupid enough to do any of the above (but still aren't computer literate like us) still have to differentiate between fake web sites and real ones (where fake sites pretend to be authentic and offer apps to download but said apps contain spyware)

The internet is a bog of scams and malware.
So sometimes it takes a technical eye to tell the difference between 'safe' and 'spyware' when you're after popular software.

So stating that millions of users are better off completely out on their own because one app slips through on Google's market is a touch unfair.

Sure this will be embarissing for Google and a PITA for their customers - but hopefully Google will learn from this and move on.

Reply Parent Score: 5

ivaniclixx Member since:
2008-07-14

A "virus scanner" is, IMHO, one of the best example of what a virus is: It makes your computer run slower, with more stupid questions about opening/doing everything, and still doesn't guarantee anything.

So, no, I don't run a virus scanner on my XP.

Reply Parent Score: 1

werpu Member since:
2006-01-18

It depends Google handles the gatekeeper role pretty well, they do not enforce anything, but pull out an app quickly once there are reports of being malware etc...
and unlike Apple google does not force the developers into the app store, every android phone allows to install third party applications directly or from the web (checkbox allow installations from unknown sources in the settings)
So far I am pretty happy in the way google handles everything.

Reply Parent Score: 3

Karitku Member since:
2006-01-12

Interesting argument. It would also mean that Linux application hives or what a hell you call them these days are also faulty, since in essence they are app stores or rather app warehouses.

I do agree that centralized installation pools have problems. I don't however think that issue raised in this news is true problem. Bigger problem is to find anything on those. Look Apple MarketPlace which is filled with clone apps and hoax reviews, rendering it partly useless.

I think major problem with Android store is lack of control, something that this showed. Google should increase control and testing of applications. I still think Android store is best compared to Nazi-Apple Store and Give all Money Microsoft MarketPlace.

Reply Parent Score: 2

Laurence Member since:
2007-03-26

Interesting argument. It would also mean that Linux application hives or what a hell you call them these days are also faulty, since in essence they are app stores or rather app warehouses.


I don't think it's a big a problem on Linux since the apps on are open source (ie the package maintainers can go in and remove offending code should there be any).

But obviously, even open source is no guarantee as it's impossible to check all of the source all of the time and furthermore Linux's repository model wouldn't work for the iPhone/Android et al as there's a whole business around the sale of closed binaries on those platforms.

Reply Parent Score: 2

WorknMan Member since:
2005-11-13

With traditional computer software, coming from a multiplicity of sources, users have learned to think critically about whether a piece of software might be trustworthy or not (e.g. in the case of a banking client, is this coming from the bank's website or not?)


Only the more literate users have learned to think critically in this way. If it were the case that ALL users were actually paying attention to what they were installing instead of just double clicking on 'angelina_jolie_nude.jpg.exe', Windows would be the most secure OS on the market ;)

Reply Parent Score: 2